At LastPass, we welcome the opportunity to engage with security researchers who review our architecture, validate assumptions, and help strengthen our defenses. Recently, an academic research team from ETH Zurich evaluated several cloud-based password managers and reported a set of findings relevant to LastPass. These issues touch areas such as account recovery, sharing, and vault integrity.
We very much appreciate the work of the security researchers to identify and responsibly disclose potential vulnerabilities as it ultimately plays an important role in helping to keep our customers safe. This post explains, in plain English, what was reported, what it means for customers, and how we are hardening LastPass in response.
Industry context: The issues discussed reflect security challenges common to cloud-based password managers, particularly with regards to field-level encryption and the identity challenge of public keys. As outlined in the research, “Introducing proper authentication of public keys is non-trivial.” Our focus here is on the concrete steps we are taking within LastPass.
What was reported
The ETH Zurich research describes several theoretical ways a highly privileged attacker, one with control over infrastructure or the ability to tamper with server responses, could attempt to interfere with how password managers handle encrypted data. Specifically with regards to LastPass, the reported issues fall into five broad areas:
- Account recovery (admin resets): In some business environments, a user with administrative privileges can help another user reset their account. This process relies on the validation of cryptographic public keys, and making sure those keys truly belong to the right person is a persistent challenge for many password managers.
- Sharing passwords or items: When you share something with another person, LastPass encrypts it using that person's public key so that only they can decrypt it. As with account recovery, confirming that a key actually belongs to the intended recipient is a difficult problem for many password managers. In theory, a malicious server could try to swap that key and access the shared item.
- How vault items are built: Each vault entry, such as a credential or a secure note, is made up of several separate encrypted pieces. Without validation of which pieces are bound together, an adversary with the ability to tamper with data on the server side could try to move encrypted parts around between fields or items.
- Website icons and URLs: LastPass sometimes fetches website icons to help customers organize their vaults and quickly identify entries. If a vault item or field were swapped using the method above, the swapped item or field would be displayed.
- KDF brute-force attacks: LastPass allows users to change their key derivation (KDF) iteration count. If an adversary were able to intercept the connection, they could attempt to reduce that count to enable quicker offline guessing of weak passwords.
It is important to note that each of these scenarios assumes an advanced attacker with persistent access to our production infrastructure. They do not reflect normal LastPass operation or expected user behavior.
What this means for customers today
- No evidence of exploitation: To be clear, we have found no indication that these techniques have been used to compromise LastPass or our customers.
- No immediate action required: Customers should continue using LastPass as normal. To continue to receive the best possible secure access experience, we always recommend that users make sure they are running the latest version of our browser extensions and apps.
- We are on it!: Our Security team is grateful for the opportunity to engage with ETH Zurich and benefit from their research. As a result, we have already implemented multiple near-term hardening measures, while also commencing work on additional longer-term improvements designed to address their findings (see below).
- Admins can expect future updates: Some upcoming improvements, particularly those related to cryptographic settings, will require coordinated updates for our Business users.
- Zero Knowledge: As ETH Zurich note in their research paper, "'Zero-Knowledge Encryption' is a term widely used by vendors of cloud-based password managers." Much like many of our peers, LastPass operates with a zero-knowledge approach; this means that sensitive vault data is only transferred to LastPass once it has been encrypted, as described more fully in our Technical Whitepaper.
What we’ve already addressed
- Icon and URL handling: We have already completed mitigations related to how icon URLs are processed, addressing the scenario described by researchers.
What is imminent
Password strength settings
Our teams are actively working on enhancements that include:
- Improving how cryptographic parameters are validated and authenticated.
- Enforcing safe configurations and preventing unauthorized downgrades.
This work will require a coordinated migration, which is currently planned for March 2026. We will provide fixes, documentation, and advance notice to users to help ensure a smooth transition.
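To make the KDF item concrete, here is an added example, written for this post and not LastPass's own client code, of the client-side check that the "validated and authenticated" and "preventing unauthorized downgrades" bullets describe: before deriving the vault key, the client refuses any iteration count that is below a hard floor or lower than the count it last saw for this account. The floor value, the hash, the salt choice and the key length are assumptions for the example only, not LastPass's actual settings.

```python
import hashlib

# Assumed policy values for this example (not LastPass's actual configuration).
MIN_ITERATIONS = 600_000   # absolute floor the client will accept from the server
HASH_NAME = "sha256"
KEY_LEN = 32


class KdfDowngradeError(ValueError):
    """Raised when server-supplied KDF parameters would weaken key derivation."""


def validate_iterations(server_iterations, cached_iterations=None, floor=MIN_ITERATIONS):
    """Return the iteration count to use, or raise if it would weaken the KDF.

    Two independent checks:
      1. an absolute floor, so a tampered response cannot drop to a trivially
         brute-forceable count;
      2. a no-downgrade rule against the value the client last saw for this
         account (cached locally after a successful login). A higher count than
         the cached one is accepted, because the user may legitimately raise it.
    """
    if not isinstance(server_iterations, int) or server_iterations < floor:
        raise KdfDowngradeError(
            f"iteration count {server_iterations!r} is below the floor of {floor}")
    if cached_iterations is not None and server_iterations < cached_iterations:
        raise KdfDowngradeError(
            f"iteration count {server_iterations} is lower than the previously "
            f"seen value {cached_iterations}; refusing downgrade")
    return server_iterations


def derive_key(master_password, email, iterations):
    """PBKDF2-HMAC-SHA256 with the lower-cased account e-mail as salt.

    This is a constructed scheme for the example, not the product's exact one.
    """
    return hashlib.pbkdf2_hmac(
        HASH_NAME, master_password.encode("utf-8"),
        email.lower().encode("utf-8"), iterations, KEY_LEN)


def login_key(master_password, email, server_iterations, cached_iterations=None):
    """Validate the server-supplied count first, then derive the vault key."""
    iterations = validate_iterations(server_iterations, cached_iterations)
    return derive_key(master_password, email, iterations)


if __name__ == "__main__":
    # Normal login: the count matches what the client cached last time.
    key = login_key("correct horse battery staple", "user@example.com", 600_000, 600_000)
    print("derived key:", key.hex()[:16], "...")
    # Tampered response: a much lower count is rejected before any key is derived.
    try:
        login_key("correct horse battery staple", "user@example.com", 5_000, 600_000)
    except KdfDowngradeError as exc:
        print("rejected:", exc)
```

The cached value is what makes the second rule work: a floor alone cannot tell a legitimate setting of 600,000 from a downgrade to 600,000 on an account that had been raised to 1,000,000, so the client keeps the last accepted count and treats any decrease as something a user must confirm through an authenticated settings change, never a bare server response.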
What we’re improving next
The remaining items are being addressed as part of our efforts to strengthen protections across both clients and services.
Account recovery and sharing
- Hardening admin password reset flows to ensure all public keys involved are securely authenticated.
- Strengthening sharing workflows so recipient keys cannot be substituted or overwritten by a malicious intermediary.
Enhanced vault integrity and metadata protection
- Our product teams are actively working to add stronger integrity guarantees that cryptographically bind items, fields, and metadata together, so that encrypted pieces cannot be moved between fields or items without detection.
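The following is an added example, written for this post and not LastPass's own implementation, of what "binding items, fields, and metadata" means in practice. It covers the "How vault items are built" and "Website icons and URLs" scenarios above: every encrypted field carries an integrity tag computed over the vault id, the item id, the field name and the ciphertext, so a ciphertext moved into another field or item (including a swapped URL) fails verification before anything is decrypted or displayed. The construction uses HMAC-SHA256 from the standard library; the key, ids and ciphertext bytes are constructed stand-ins, and the field encryption itself is out of scope here (an AEAD's associated data would achieve the same binding).

```python
import hashlib
import hmac


def _binding_input(vault_id, item_id, field_name, ciphertext):
    """Length-prefix every component so ("a", "bc") and ("ab", "c") cannot collide."""
    out = b""
    for part in (vault_id.encode(), item_id.encode(), field_name.encode(), ciphertext):
        out += len(part).to_bytes(4, "big") + part
    return out


def seal_field(mac_key, vault_id, item_id, field_name, ciphertext):
    """Return a tag that binds this ciphertext to its vault, item and field slot."""
    return hmac.new(mac_key, _binding_input(vault_id, item_id, field_name, ciphertext),
                    hashlib.sha256).digest()


def open_field(mac_key, vault_id, item_id, field_name, ciphertext, tag):
    """True only if the ciphertext still sits in the slot it was sealed for."""
    expected = seal_field(mac_key, vault_id, item_id, field_name, ciphertext)
    return hmac.compare_digest(expected, tag)


def seal_item(mac_key, vault_id, item_id, fields):
    """fields: {field_name: ciphertext}. Returns {field_name: (ciphertext, tag)}."""
    return {name: (ct, seal_field(mac_key, vault_id, item_id, name, ct))
            for name, ct in fields.items()}


def verify_item(mac_key, vault_id, item_id, sealed):
    """Return the names of fields whose binding fails; an empty list means intact."""
    return [name for name, (ct, tag) in sealed.items()
            if not open_field(mac_key, vault_id, item_id, name, ct, tag)]


def demo():
    """Simulate server-side tampering and return the fields the client flags."""
    key = b"\x01" * 32          # constructed MAC key for the example
    vault = "vault-123"          # constructed vault id
    # Constructed stand-ins for the client's per-field ciphertexts.
    bank = seal_item(key, vault, "item-bank",
                     {"username": b"ct-bank-user", "password": b"ct-bank-pass", "url": b"ct-bank-url"})
    blog = seal_item(key, vault, "item-blog",
                     {"username": b"ct-blog-user", "password": b"ct-blog-pass", "url": b"ct-blog-url"})
    assert verify_item(key, vault, "item-bank", bank) == []
    assert verify_item(key, vault, "item-blog", blog) == []

    # Tampering: the bank item's encrypted password (with its valid tag) is copied
    # into the blog item's password slot. The tag was computed for item-bank, so
    # it does not verify under item-blog even though the ciphertext is untouched.
    tampered = dict(blog)
    tampered["password"] = bank["password"]
    return verify_item(key, vault, "item-blog", tampered)


if __name__ == "__main__":
    print("fields failing integrity check:", demo())
```

The same check rejects a swap between two fields of one item (a password ciphertext placed in the URL slot still carries the tag for "password"), and binding the vault id prevents an item sealed in one vault from being replayed into another. Tags must be verified before any decryption or rendering, which is what closes the icon and URL scenario: a swapped URL never reaches the code that fetches icons.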
Best practices for Business Administrators
At LastPass, we are committed to strengthening the security of our infrastructure and to assuring our customers that their data is private, protected, and secure. We do, however, recommend that LastPass users continue to follow these best practices, which are designed to help ensure their sensitive vault data remains well-secured:
- Require MFA and/or SSO for all administrative accounts.
- Limit the number of super admins and regularly review admin roles.
- Confirm that all users are on the latest version of LastPass extensions and apps.
- Apply the principle of least privilege to sharing and shared folders.
Our ongoing commitment
Over the last several years, we have made multi-million-dollar investments to harden our security. To learn more about this ongoing commitment, visit Is LastPass Secure and read What We Have Done to Secure LastPass.
Today, our commitments remain clear:
- Defense in depth through stronger cryptographic integrity
- Transparent communication with customers and admins
- Thoughtful migrations that prioritize data safety and usability